Hi James,

Please pull these blob-stacking changes for security-next.

Thanks!

-Kees

The following changes since commit bfeffd155283772bbe78c6a05dec7c0128ee500c:

  Linux 5.0-rc1 (2019-01-06 17:08:20 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/blob-stacking-security-next

for you to fetch changes up to a5e2fe7ede1268d2f80fe49ca1f717d0e3750995:

  TOMOYO: Update LSM flags to no longer be exclusive (2019-01-08 13:18:45 -0800)

----------------------------------------------------------------
LSM: Module stacking for SARA and Landlock

The combined series of LSM refactoring and addition of blob-sharing for
SARA and Landlock.

----------------------------------------------------------------
Casey Schaufler (19):
      LSM: Add all exclusive LSMs to ordered initialization
      procfs: add smack subdir to attrs
      Smack: Abstract use of cred security blob
      SELinux: Abstract use of cred security blob
      SELinux: Remove cred security blob poisoning
      SELinux: Remove unused selinux_is_enabled
      AppArmor: Abstract use of cred security blob
      TOMOYO: Abstract use of cred security blob
      Infrastructure management of the cred security blob
      SELinux: Abstract use of file security blob
      Smack: Abstract use of file security blob
      LSM: Infrastructure management of the file security
      SELinux: Abstract use of inode security blob
      Smack: Abstract use of inode security blob
      LSM: Infrastructure management of the inode security
      LSM: Infrastructure management of the task security
      SELinux: Abstract use of ipc security blobs
      Smack: Abstract use of ipc security blobs
      LSM: Infrastructure management of the ipc security blob

Kees Cook (19):
      LSM: Introduce LSM_FLAG_LEGACY_MAJOR
      LSM: Provide separate ordered initialization
      LSM: Plumb visibility into optional "enabled" state
      LSM: Lift LSM selection out of individual LSMs
      LSM: Build ordered list of LSMs to initialize
      LSM: Introduce CONFIG_LSM
      LSM: Introduce "lsm=" for boottime LSM selection
      LSM: Tie enabling logic to presence in ordered list
      LSM: Prepare for reorganizing "security=" logic
      LSM: Refactor "security=" in terms of enable/disable
      LSM: Separate idea of "major" LSM from "exclusive" LSM
      apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
      selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
      LSM: Split LSM preparation from initialization
      LoadPin: Initialize as ordered LSM
      Yama: Initialize as ordered LSM
      LSM: Introduce enum lsm_order
      capability: Initialize as LSM_ORDER_FIRST
      TOMOYO: Update LSM flags to no longer be exclusive

 Documentation/admin-guide/LSM/index.rst         |  13 +-
 Documentation/admin-guide/kernel-parameters.txt |   4 +
 fs/proc/base.c                                  |  64 ++-
 fs/proc/internal.h                              |   1 +
 include/linux/cred.h                            |   1 -
 include/linux/lsm_hooks.h                       |  40 +-
 include/linux/security.h                        |  15 +-
 include/linux/selinux.h                         |  35 --
 kernel/cred.c                                   |  13 -
 security/Kconfig                                |  41 +-
 security/apparmor/Kconfig                       |  16 -
 security/apparmor/domain.c                      |   2 +-
 security/apparmor/include/cred.h                |  16 +-
 security/apparmor/include/file.h                |   5 +-
 security/apparmor/include/lib.h                 |   4 +
 security/apparmor/include/task.h                |  18 +-
 security/apparmor/lsm.c                         |  65 ++-
 security/apparmor/task.c                        |   6 +-
 security/commoncap.c                            |   9 +-
 security/loadpin/loadpin.c                      |   8 +-
 security/security.c                             | 635 +++++++++++++++++++++---
 security/selinux/Kconfig                        |  15 -
 security/selinux/Makefile                       |   2 +-
 security/selinux/exports.c                      |  23 -
 security/selinux/hooks.c                        | 345 ++++---------
 security/selinux/include/audit.h                |   3 -
 security/selinux/include/objsec.h               |  38 +-
 security/selinux/selinuxfs.c                    |   4 +-
 security/selinux/ss/services.c                  |   1 -
 security/selinux/xfrm.c                         |   4 +-
 security/smack/smack.h                          |  44 +-
 security/smack/smack_access.c                   |   4 +-
 security/smack/smack_lsm.c                      | 316 ++++--------
 security/smack/smackfs.c                        |  18 +-
 security/tomoyo/common.h                        |  22 +-
 security/tomoyo/domain.c                        |   4 +-
 security/tomoyo/securityfs_if.c                 |  15 +-
 security/tomoyo/tomoyo.c                        |  49 +-
 security/yama/yama_lsm.c                        |   8 +-
 39 files changed, 1133 insertions(+), 793 deletions(-)
 delete mode 100644 include/linux/selinux.h
 delete mode 100644 security/selinux/exports.c

--
Kees Cook

